XdsKubernetesService Does Not Use the Latest OAuth Token

[minwoox]

When fetching Kubernetes information, the OAuth token must first be stored in the credentials.
The XdsKubernetesService relies on this stored credential for its operation.

centraldogma/xds/src/main/java/com/linecorp/centraldogma/xds/k8s/v1/XdsKubernetesService.java

Line 228 in 9d95540

return metaRepository.credential(credentialId)

Problem:
Currently, XdsKubernetesService only uses the credentials when creating a KubernetesEndpointGroup.
If the credentials are updated, the KubernetesEndpointGroup is not recreated to reflect the change.

Potential Solutions

1. Store the OAuth token directly in the Kubernetes configuration to ensure the latest token is always used.
2. Implement a mechanism to refetch the credentials under certain conditions, such as when an authentication exception occurs.

[ikhoon]

It seems that ConfigBuilder.withOauthTokenProvider() could be used to dynamically update the OAuth token.

[minwoox]

That's cool. 👍 Does it refetch the token when the authentication fails?

[minwoox]

I've realized that we can't use it because it's not asynchronous. 😢

[ikhoon]

I thought we could implement an OauthTokenProvider using RepositoryListener to update a new token automatically.

[minwoox]

Ah, that probably works. 👍